CVE-2018-9073

Summary

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.

Affected Software

VendorProductVersion RangeStatus
LenovoChassis Management Module (CMM)unspecified < 2.0.0affected

Weaknesses

  • Hardcoded Encryption Key

ADP Enrichment

CVE Program Container

Additional References

References